pfSense

05/18/2012

07:49 PM Revision 1346306c: Allow 802.1p tags to be controlled from firewall rules edit screen

Ermal LUÇI

05:58 PM Feature #2438 (Duplicate): Inbound traffic shaping on unpredictable ADSL - the qosmon approach

I've been using pfSense for some time now, and it's wonderful. I've never been able to solve a problem, anyway: QoS o... Stefano Marinelli

05:12 PM Bug #2437 (Resolved): PHP missing bcmath (that was solved for pfSense 2.0 two years ago, re-discovered in the latest pfSense 2.1)

1.
When "Radius Accounting" is enabled and trying to disconnect a connected client in the captive portal gui - the f... Yuri Keren

05:10 PM Revision 26c31b86: Merge pull request #109 from marcelloc/patch-11

Patch 11 Scott Ullrich

05:09 PM Revision 38026252: Include movable code to reorder list,save button, domtt title messages, also base64 decode option, description and custom text to checkbox fields.

New options need xml config to be included on package xml files, so no changes to packages that do not use these func... Marcello Silva Coutinho

03:36 PM Bug #2373: There were error(s) loading the rules... (Floating rules bug)

Also worth noting, though similar to the fact that it happens if you upgrade from 2.0.1 (noted above) is that loading... Mark Uhde

04:11 AM Revision 9c408ade: Merge pull request #108 from vizvayu/dashboard-cpufreq-update

System info widget on dashboard now updates CPU Frequency automatically Scott Ullrich

03:53 AM Revision 4dedd18a: System info widget on dashboard now updates CPU Frequency automatically

Cristian Feldman

03:41 AM Revision 735021f5: Merge pull request #94 from vizvayu/master

Added description text for IPSec tunnel status in "Status: IPsec" page Chris Buechler

01:37 AM Revision a425a28b: Moved status text to img title (tooltip)

Cristian Feldman

01:37 AM Revision 4976f453: Added description text for IPSec tunnel status in "Status: IPsec" page

Cristian Feldman

12:17 AM Revision c1361a9f: feature #2413 Allow IPv6 interface configuration from the menu

Darren Embry

05/17/2012

11:17 PM Revision 416e1530: normalize indentation

Darren Embry

11:02 PM Revision cd485c4f: remove some log_error calls

Darren Embry

11:00 PM Revision 283d78c6: bug fix for #2426

Input validaton on interface gateway creation box needs to reject duplicate names Darren Embry

10:33 PM Revision a0edece9: report errors adding a gateway through ajax calls

Darren Embry

09:32 PM Revision 8dcca9b5: - also rename $section arg to $section_name in some functions to clarify

- also robustify parsing for <tagname> and bulletproof the handling of
certain errors Darren Embry

09:30 PM Revision 428c289f: allow null to be passed as 2nd arg to parse_config_xml*

in which case entire config is returned Darren Embry

09:14 PM Revision ff9fbc7b: fix 'XML error: no Array object found!' errors

Darren Embry

08:49 PM Revision 976d0213: fix cosmetic bug when developer was turned on.

highlight the hidden menu item differently. Darren Embry

08:13 PM Feature #2413 (Feedback): Allow IPv6 interface configuration from the menu

implemented in commit:c1361a9f
I've done basic testing but this needs a lot more testing than i'm able to do so i'... Darren Embry

07:43 PM Revision dcb94db5: fix for #2231

Don't activate master "Save Settings" button on traffic graph min/max. Darren Embry

07:22 PM Revision f757431d: more verbose log_error on rrdtool restore failure

Darren Embry

07:22 PM Revision 5d51f00e: log_error if rrdtool restore calls fail

Darren Embry

07:16 PM Revision 08877746: restore_rrddata() adds log_error calls and uses -f

Darren Embry

07:13 PM Revision 7a865f03: add -f to 'rrdtool restore' call

Darren Embry

06:58 PM Bug #2426 (Resolved): Input validaton on interface gateway creation box needs to reject duplicate names

fixed in commit:283d78c6 Darren Embry

04:53 PM Bug #2426: Input validaton on interface gateway creation box needs to reject duplicate names

Darren, do you think you can prevent this duplicate name issue in the Ajax call?
Seth Mos

06:55 PM Revision 7eead1fc: add rrddata to backup/restore dropdowns.

Darren Embry

06:05 PM Revision c9a19238: indentation cleanup

Darren Embry

06:03 PM Revision 754b75d0: move certain code to new function restore_rrddata()

Darren Embry

05:46 PM Bug #2373: There were error(s) loading the rules... (Floating rules bug)

I just want to say, that amd64 architecture is affected also.
Have just tried it. Vladimir Suhhanov

05:30 PM Feature #2356: Fill the "Track Interface" prefix drop down list asynchronously

Seth, reassigning to you for you to test/close/assign back to me as needed. Darren Embry

05:29 PM Feature #2436 (Feedback): Enhance the restore section of the Backup/Restore section

Fixed in commit:428c289f and commit:8dcca9b5.
Reassigning to you so you can do further testing.
Please close if e... Darren Embry

03:48 PM Feature #2436 (Resolved): Enhance the restore section of the Backup/Restore section

If restoring a partial config, we currently assume that only that section is uploaded. This is somewhat counterintuit... Seth Mos

04:37 PM Feature #2123: Backup RRD files using the xml dump and restore from RRD tools

Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 90164860 bytes) in /usr/local/www/di... Seth Mos

03:21 PM Feature #2123: Backup RRD files using the xml dump and restore from RRD tools

I've also added "RRD Data" as a backup option in the dropdowns. Requires a little special handling in diag_backup.ph... Darren Embry

03:18 PM Feature #2123: Backup RRD files using the xml dump and restore from RRD tools

I've confirmed that -f is actually necessary anyway and added -f and log_error calls on failure to all the rrdtool re... Darren Embry

10:12 AM Feature #2123: Backup RRD files using the xml dump and restore from RRD tools

The quick test I just did, backup config.xml on i386, upgrade to amd64, then restore config.xml didn't fix the RRD fi... Seth Mos

04:17 PM Bug #2231 (Resolved): Dashboard: Traffic Graph: Unable to save settings

Darren Embry

03:38 PM Bug #2231: Dashboard: Traffic Graph: Unable to save settings

fixed in commit:dcb94db5 Darren Embry

12:25 AM pfSense Packages Bug #2435 (Resolved): SquidGuard: Deprecated function 'eregi' warnings

In squidguard_configurator.inc, there are a number of uses of @eregi()@ which is now deprecated in PHP 5.3. This cau... Moshe Katz

05/16/2012

06:03 PM Revision b61e8960: Teach mwexec and mwexec_bg how to optionally clear signal masks, and use that when launching ntp or ntpdate.

Jim Pingle

05:21 PM Revision 10e741d5: ntpdate was hanging, use the same hacky fix that works for ntpd and it works too. All happy, even from a cold boot on ALIX 2d3 with no RTC battery.

Jim Pingle

05:17 PM Revision 9cf11774: Fixup halt and reboot to catch the output from the shutdown process properly.

Conflicts:
usr/local/www/halt.php
usr/local/www/reboot.php Jim Pingle

05:15 PM Revision b40e9b1c: Fixup halt and reboot to catch the output from the shutdown process properly.

Jim Pingle

02:57 PM Revision b3f2cc0f: Fixup ntpd logging

Jim Pingle

02:49 PM Revision 90df3bd8: On its own, ntpd does not sync fast enough at bootup, so bring back the ntpdate sync but improve it so it can't get stuck forever.

Conflicts:
etc/rc.newwanipv6 Jim Pingle

02:48 PM Revision 0b8e9d38: On its own, ntpd does not sync fast enough at bootup, so bring back the ntpdate sync but improve it so it can't get stuck forever.

Jim Pingle

09:48 AM Bug #2231 (New): Dashboard: Traffic Graph: Unable to save settings

Something still isn't 100% here - When you activate a drop-down to expand one of the closed graphs, it also activates... Jim Pingle

05/15/2012

09:01 PM Revision 317d1c0b: Hackish workaround for ntpd failing to move away from init when called from within PHP 5.2, PHP 5.3 has a better workaround.

Jim Pingle

08:50 PM Revision df973fcb: Revert "Clear process signals before exec() or ntpd misbehaves if called from PHP on i386." -- this only works on PHP 5.3

This reverts commit ac4bc5853f75a8f8467f5c53704f33e2066c3da6. Jim Pingle

08:42 PM Revision 82deea60: Fix syntax here too in case we need to revive it.

Jim Pingle

08:41 PM Revision 11e06906: Fix syntax here too in case we need to revive it.

Jim Pingle

08:37 PM Revision 7dab8995: Clear process signals before exec() or ntpd misbehaves if called from PHP on i386.

Jim Pingle

08:36 PM Revision ac4bc585: Clear process signals before exec() or ntpd misbehaves if called from PHP on i386.

Jim Pingle

08:08 PM Revision d80eae9a: Update gitsync with latest changes from master branch

feef287ead62815b1a67bac15ebaa2d36226d4e2 - Remove obsolete files after gitsync
26b8990538c71c99df8e95fd5fada57f79465d... Erik Fonnesbeck

07:26 PM Revision ae26412f: Move git package name/URL to the configuration variables section.

Erik Fonnesbeck

06:27 PM Revision da5b3e83: Merge pull request #107 from bcyrill/patch-1

correct closing tags Jim Pingle

06:22 PM Revision ec18e696: correct closing tags

Cyrill B

05:45 PM Revision e37eeb49: Only process this if it's an array

Jim Pingle

05:05 PM Revision ac911619: Use a text description instead of a code.

Jim Pingle

05:04 PM Revision 0770e603: Add NTP status page using ntpq.

Jim Pingle

05:04 PM Revision 321f3076: Use FreeBSD's ntpd instead in the backend

Jim Pingle

05:04 PM Revision 49551bbf: With FreeBSD's ntpd, the current options are irrelevant, but we can have a nice status page

Conflicts:
usr/local/www/fbegin.inc Jim Pingle

05:01 PM Revision a0c16779: Fix ntp name here too

Conflicts:
etc/inc/priv.defs.inc Jim Pingle

05:00 PM Revision 02414e3a: s/OpenNTPD/NTP/ for log pages and menu entry, to save space (and make it easier if we switch)

Conflicts:
usr/local/www/diag_logs.php
usr/local/www/diag_logs_auth.php
usr/local/www/diag_l... Jim Pingle

03:44 PM Revision c886fed9: As suggested by wagonza, using SAMEORIGIN for X-Frame-Options is sufficient here, and does allow the traffic graphs to work. Fixes #2419

Jim Pingle

03:11 PM Revision 29c2c1db: Fix quoting - can't use ' if we want to expand a variable inside the string.

Jim Pingle

02:35 PM Revision 25890c50: Use a text description instead of a code.

Jim Pingle

11:40 AM Bug #2419 (Feedback): Possible Clickjacking Vunerability

Applied in changeset commit:c886fed9ba6a19fface58c918be5d7b111cca1f3. Jim Pingle

10:56 AM Bug #2419 (New): Possible Clickjacking Vunerability

Adding this bit in auth.inc broke the realtime traffic graphs:
@Header("X-Frame-Options: DENY");@
We either nee... Jim Pingle

05/14/2012

08:30 PM Revision e078c882: Add NTP status page using ntpq.

Jim Pingle

07:44 PM Revision 42135f07: Use FreeBSD's ntpd instead in the backend

Jim Pingle

06:50 PM Revision a8543b59: With FreeBSD's ntpd, the current options are irrelevant, but we can have a nice status page

Jim Pingle

06:17 PM Revision ffc7d2c4: Fix ntp name here too

Jim Pingle

06:11 PM Revision ae2c143a: s/OpenNTPD/NTP/ for log pages and menu entry, to save space (and make it easier if we switch)

Jim Pingle

04:39 PM Revision 547c56c4: Create $altnames earlier, and also fix a bracing issue with this if statement. Fixes certificate importing.

Jim Pingle

04:27 PM Revision e052047d: Whoops, don't flip these since I negated the test.

Jim Pingle

03:09 PM Revision d9c96fb1: Flip this test around since it's safer to assume the dev mode is tun. Ticket #2432

Jim Pingle

02:03 PM Revision 93efafec: Fix redirect when saving settings in the widget, it was landing on the widget page instead of returning to the dashboard.

Jim Pingle

02:02 PM Revision e6b16f89: Fix redirect when saving settings in the widget, it was landing on the widget page instead of returning to the dashboard.

Jim Pingle

01:08 PM Revision 310c29c6: Make the ppp-linkup script understand both address families.

Seth Mos

12:54 PM Revision e32cb5d0: Make the ppp-linkup script understand both address families.

Seth Mos

12:23 PM Bug #2432: OpenVPN Client Specific Override ifconfig-push

Yeah you're right I started to fix it one way then changed my mind halfway, but didn't back out the original change. ... Jim Pingle

12:19 PM Bug #2432: OpenVPN Client Specific Override ifconfig-push

I understand your concern about upgrade users since i appreciate when upgrade runs smoothly.
I've looked at the ... Davy Gigan

11:03 AM Bug #2432: OpenVPN Client Specific Override ifconfig-push

Not sure that making them server-specific will be feasible. At the very least, that will cause problems for upgrade u... Jim Pingle

10:48 AM Bug #2432 (Closed): OpenVPN Client Specific Override ifconfig-push

Hello,
I'm using a snapshot of pfSense 2.1 (20120419-1059). My pfSense installation holds two distinct VPN serve... Davy Gigan

11:25 AM pfSense Packages Bug #2429: Hostname issues in OpenVPN Client Export

I replaced the two {{ with { in /usr/local/pkg/openvpn-client-export.inc on two lines in the file.
It works perfectly! Thomas Svedin

10:20 AM pfSense Packages Bug #2429 (Feedback): Hostname issues in OpenVPN Client Export

Applied in changeset commit:0d639e580d2fc2651a4386a4248ac9e9b97d949d. Jim Pingle

05:14 AM pfSense Packages Bug #2429 (Resolved): Hostname issues in OpenVPN Client Export

When i select installation hostname when i export it looks like this in the configuration file:
remote host.{domain.... Thomas Svedin

09:44 AM Bug #2431 (Rejected): Receiving warning message when adding/modifiyng exclude list in Services Status widget (dashboard)

This has already been fixed in 2.0.2/2.1. Jim Pingle

06:02 AM Bug #2431 (Rejected): Receiving warning message when adding/modifiyng exclude list in Services Status widget (dashboard)

Warning message displayed :... Xavier Romain

09:43 AM Bug #2430 (Rejected): Receiving warning message when adding/modifiyng exclude list in Services Status widget (dashboard)

Duplicate Jim Pingle

06:36 AM Bug #2430: Receiving warning message when adding/modifiyng exclude list in Services Status widget (dashboard)

Sorry for duplicate submit. Xavier Romain

06:02 AM Bug #2430 (Rejected): Receiving warning message when adding/modifiyng exclude list in Services Status widget (dashboard)

Warning message displayed :... Xavier Romain

05/11/2012

04:49 PM Revision bbdc5919: remove the stuff triggering display of relay protocol row

Darren Embry

04:49 PM Revision 06d84cf3: allow port in virtual servers to be left blank

in which case listening port would be inherited from the pool Darren Embry

04:49 PM Revision 183ea34c: allow aliases for the ipaddr field in virtual servers (PEV-394754)

Darren Embry

03:16 PM Revision 777c202f: make use of the correct file to send notifications

Warren Baker

03:12 PM Revision 62fc138e: make use of the correct file to send notifications

Warren Baker

03:04 PM Revision 937cec84: fix for bug #2422 could not remove entries from CP Allowed Hostnames

Darren Embry

11:34 AM Bug #2428 (Resolved): Removing a limiter breaks any references to limiters after it

It appears that the limiters are referenced only by their index in the current list of limiters, instead of by name o... Jim Pingle

11:08 AM Bug #2427 (Feedback): /etc/rc.firmware_notify

Wrong file been referenced. Fix in commit:62fc138e7096d9b28026a86244baad56980494f4 Warren Baker

06:36 AM Bug #2427 (Resolved): /etc/rc.firmware_notify

When doing an upgrade the shell script /etc/rc.firmware is executed. As part of the upgrade process this script execu... Warren Baker

10:59 AM Bug #2422 (Resolved): Captive Portal: Allowed Hostnames tab - cannot remove a previously added hostname

fixed in commit:937cec84
Darren Embry

07:29 AM Bug #2426: Input validaton on interface gateway creation box needs to reject duplicate names

[Edit: the ticket system seems to have chopped off all my text except the last line...]
The real issue is making a d... Jim Pingle

04:31 AM Bug #2426 (Resolved): Input validaton on interface gateway creation box needs to reject duplicate names

If two gateways are created with the same name/label, and one of them is set as default for an interface, it's not po... Max Frames

05/10/2012

07:17 PM Revision 4dfd930e: cleanup: code for building arrays for autocompleted fields

Darren Embry

06:25 PM Revision c9649cf8: Merge pull request #106 from irvingpop/master

max_procs adjustments for small memory systems, attempt 2 Scott Ullrich

06:17 PM Revision 98f20e35: max_procs adjustments for small memory systems, attempt 2

Per Jim P's feedback, move max_procs completely out of
system_webgui_start() and move all of the memory/procs decis... Irving Popovetsky

06:00 PM Revision 5b84bd65: add autocomplete for port (PEV-394754)

Darren Embry

05:51 PM Revision 04d4bcdf: use get_alias_list for port field in load_balancer_pool_edit

Darren Embry

05:48 PM Revision a0539faa: prep work: function get_alias_list()

I wrote this function primarily to remove a lot of duplicate code
that's there because of a lot of those autocomplete... Darren Embry

04:39 PM Revision a1f77238: add autocomplete to load_balancer_pool_edit.php (PEV-394754)

we also enable the json extension here. Darren Embry

04:05 PM Revision 9b420daf: fix a bug in anti-clickjack that made all pages blank

https://github.com/bsdperimeter/pfsense/commit/babac37a3b9a676525fff422011b9f3c0f9bd39f Darren Embry

03:54 PM Revision f3d7f30e: update help text in port fields to Firewall -> Aliases (PEV-394754)

Darren Embry

03:51 PM Revision babac37a: Add click jacking support. Ticket #2419

Scott Ullrich

02:15 PM Bug #2063: PHP Memory Usage too high for 128MB RAM Systems (like ALIX)

pull request attempt number 2: https://github.com/bsdperimeter/pfsense/pull/106 Irving Popovetsky

12:35 PM Bug #2063: PHP Memory Usage too high for 128MB RAM Systems (like ALIX)

Pull request to set the number of web configurator processes to 1 on ALIX systems with 256MB RAM or less
https://... Irving Popovetsky

12:56 PM Revision 970934dc: Revert "Bump config version to take care of new vips" - forgot to revert this when I reverted the main vip commit.

This reverts commit ccf346ddb80997a4426484c25e5c3bd8a223990f. Jim Pingle

12:02 PM Bug #2359 (Resolved): Typo: OpenVPN Configuration Page has two items "Server DHCP Bridge Start"

Jim Pingle

11:49 AM Bug #2359: Typo: OpenVPN Configuration Page has two items "Server DHCP Bridge Start"

This is already fixed for 2.1: https://github.com/bsdperimeter/pfsense/pull/96 Irving Popovetsky

11:46 AM Bug #2328: Numerous non-CP logs ending up in CP logs

http://www.php.net/manual/en/function.openlog.php#98307 suggests an alternate way of specifying the facility that may... Jim Pingle

11:35 AM Bug #2328: Numerous non-CP logs ending up in CP logs

That looks like anything in PHP that uses log_error() is doing that.
However log_error is doing this:... Jim Pingle

11:45 AM Bug #2419 (Feedback): Possible Clickjacking Vunerability

Scott Ullrich

09:57 AM Feature #2424 (Resolved): Allow masking of pass-thru MACs

ipfw supports masking MACs, sort of like a CIDR, and this could be a useful feature to allow, for example, all phones... Jim Pingle

09:34 AM Bug #2423 (Closed): OpenNTPD seems to fail over time and can cause unintended clock skew.

Over time, NTP eventually loses the ability to keep the clock in sync and sometimes will actually set the wrong time,... Jim Pingle

07:07 AM Revision 5b5c9911: Add _ to the list of are allowed characters

Warren Baker

07:02 AM Revision 06f746c3: Add _ to the list of are allowed characters

Warren Baker

06:51 AM Bug #2373: There were error(s) loading the rules... (Floating rules bug)

Some error
Snap 2.1-DEVELOPMENT built on Wed May 9 21:13:38 EDT 2012 ... Yan Triary

02:34 AM Feature #2418 (Closed): HttpOnly and Secure flag are not set in the HTTP response header

Awesome stuff. Warren Baker

02:27 AM Feature #2418: HttpOnly and Secure flag are not set in the HTTP response header

Wow.. Fantastic
Works as i had hoped
thank you for the quick fix Laterpay Gmbh

01:57 AM Revision 82618bec: fix typo

Chris Buechler

01:57 AM Revision b1aa904f: fix typo

Chris Buechler

05/09/2012

08:55 PM Revision 2f65de89: Add initial support for subjectAltName - still needs some select love for the "type" field, freetext for now for testing (it does work, cert gets the specified subjectAltName).

Jim Pingle

05:51 PM Revision ddb71e4c: Handle HTTPOnly and Secure flags on cookies

Warren Baker

05:25 PM Revision ca88c37e: Include TCP flags in CLI filter parser output (if present)

Jim Pingle

05:08 PM Revision 49ddf9a1: Handle HTTPOnly and Secure flags on cookies

Warren Baker

04:49 PM Bug #2422 (Assigned): Captive Portal: Allowed Hostnames tab - cannot remove a previously added hostname

Chris Buechler

04:38 PM Bug #2422 (Resolved): Captive Portal: Allowed Hostnames tab - cannot remove a previously added hostname

When trying to delete a previously added hostname from a Captive Portal zone - nothing happens. There is no error, bu... Yuri Keren

01:49 PM Feature #2418 (Feedback): HttpOnly and Secure flag are not set in the HTTP response header

Change committed in commit:49ddf9a10ff3379162d437622f664cfe924b4552 - let us know if you happy this please. Warren Baker

09:47 AM Feature #2418 (Closed): HttpOnly and Secure flag are not set in the HTTP response header

According to our tests for PCI-DSS certification by a professional security auditing team.
PfSense lacks the HttpO... Laterpay Gmbh

01:34 PM Bug #2421 (Resolved): Filter log parser misinterprets some rare lines resulting in TCP:lo for the proto/flags

The following raw log entry:... Jim Pingle

12:08 PM Feature #2416: Hybrid NAT mode that is a mix of Auto+Manual

While we're doing this, may as well add a fourth outbound NAT option
* Off (all outbound NAT disabled)
Then someo... Jim Pingle

09:52 AM Bug #2419 (Resolved): Possible Clickjacking Vunerability

According to our tests for PCI-DSS certification by a professional security auditing team.
PfSense has a possible ... Laterpay Gmbh

05/08/2012

10:22 PM Revision 30274157: Revert "Make vips vhid be unique per parent interface!" - per cmb, this should not have been on RELENG_2_0 see ticket #2415

This reverts commit 4d0c032c528b10221a2ef894b5eca34f6fda39a7.
Conflicts:
etc/inc/openvpn.inc
etc/in... Jim Pingle

07:43 PM Revision 8a4b381f: Update zoneinfo using latest zones from FreeBSD

Jim Pingle

07:42 PM Revision 23b1fc49: Update zoneinfo using latest zones from FreeBSD

Jim Pingle

07:05 PM Revision b80e57d4: Pull in fix for Ticket #1917 to RELENG_2_0 as well.

Jim Pingle

07:02 PM Revision 84931046: Back out duplicated fix from 107e8acc - Ticket #1917 was already fixed before this was added.

Jim Pingle

06:20 PM Bug #2415: Fallout from CARP vip interface names changes

I reverted that commit, had to adjust a few things since it didn't come out cleanly, but it should be out of RELENG_2... Jim Pingle

06:02 PM Bug #2415: Fallout from CARP vip interface names changes

this needs to be backed out entirely from RELENG_2_0, it wasn't supposed to be there. Chris Buechler

12:19 PM Bug #2415 (Resolved): Fallout from CARP vip interface names changes

Now that CARP VIP interfaces have been renamed, some issues have come up. They are now named, for example, wan_vip241... Jim Pingle

05:15 PM Revision 7ff663d3: Respect ['upload_path'] for upload_tmp_dir for PHP

Warren Baker

04:54 PM Revision 1e476e11: $realif only exists on apply, which this code path would never touch. Change to use the configured interface instead. Fixes #2212

Jim Pingle

04:49 PM Revision 76ac460b: $realif only exists on apply, which this code path would never touch. Change to use the configured interface instaed. Fixes #2212

Jim Pingle

04:15 PM Feature #1986: Find a way to list logged in IPsec xauth users

Also this does not seem to work.
[2.1-DEVELOPMENT][root@pfsense-amd64.localdomain]/root(68): racoonctl show-sa isa... Jim Pingle

09:17 AM Feature #1986 (New): Find a way to list logged in IPsec xauth users

Setting this back to New since we still need code in the GUI to read this yet. Jim Pingle

03:40 PM Bug #2030 (Feedback): Timezones need to update for Russia

Updated zoneinfo in commit:23b1fc4 and commit:8a4b381 Jim Pingle

03:29 PM Bug #2030 (New): Timezones need to update for Russia

We do keep a copy of zoneinfo.tgz in the git repo. Hasn't been touched since 2008, and our code pulls the zones from ... Jim Pingle

03:37 PM Revision 76db94c2: Add last check timestamp to gateway status (actually just fix it, since the code was there, but not functional) Fixes #1155

Jim Pingle

02:53 PM Feature #1917: DHCP server support for multiple domains in search list

Looks like someone also checked in a fix in commit:107e8acc that broke this again. It appears the fix on this ticket ... Jim Pingle

02:46 PM Bug #2348 (Resolved): rc.filter_synchronize is broken

This appears to be properly fixed and functional on current snapshots. Jim Pingle

02:38 PM Bug #2332: gateways always renamed to "dynamic". Implement proper IPv6 support

This seems mostly OK but I discovered one case the other day that is still problematic.
If you have a PPPoE interf... Jim Pingle

02:34 PM Bug #2144 (Resolved): pfSense dyndns for Namecheap doesn't work with hostnames containing "."

I added a hostname with a . to one of my domains using Namecheap DNS and it updated fine, so this is fixed. Jim Pingle

02:21 PM Feature #2416 (Resolved): Hybrid NAT mode that is a mix of Auto+Manual

Often we suggest people switch to manual outbound NAT to make some very basic adjustments (such as a static port for ... Jim Pingle

01:03 PM Revision cb01726c: Move the stop_packages code to a function, and call the function from the shell script, and call the function directly for a reboot. Fixes #2402 and ticket #1564

Jim Pingle

12:50 PM Bug #2212 (Feedback): dhclient not stopped after changing interface from DHCP to other type

Applied in changeset commit:76ac460bd4a95a8600b05cecebd8d66f20feed70. Jim Pingle

12:20 PM Bug #2300: Static routes for IPsec peers missing when attached to IP Alias VIP

The problem seems to be, in part, that this checks for an interface name of carp or vip, but with IP alias it would a... Jim Pingle

11:55 AM Feature #2347 (Resolved): Add routes into the routing table for delegated IPv6 prefixes.

Closing this as the routing for PD nets is working great now, I plugged my ALIX in with a stock config and it pulled ... Jim Pingle

11:55 AM Bug #2414 (Resolved): IPv6 DHCP WAN, issue routing firewall-generated traffic

From Seth:
> There is a problem where pfSense itself can not reach the ipv6 internet [with a DHCPv6 WAN] leading to ... Jim Pingle

11:40 AM Bug #1155: [patch] status_gateways.php doesn't show last check time

Applied in changeset commit:76db94c28d3cabe38f0b0921c21f80dfddcf93fc. Jim Pingle

11:32 AM Bug #1155 (Feedback): [patch] status_gateways.php doesn't show last check time

The code was already there to show that timestamp, so I fixed it up to show it (not quite how this patch was, better ... Jim Pingle

09:46 AM Feature #2413: Allow IPv6 interface configuration from the menu

That second bit about v4 already has a ticket - #2074 Jim Pingle

03:23 AM Feature #2413 (Resolved): Allow IPv6 interface configuration from the menu

The current console menu only allows for IPv4 interface configuration. We need to add support for IPv6 interface conf... Seth Mos

09:39 AM Feature #2242 (Resolved): Add status of lagg(4) member interfaces to Status > Interfaces

Jim Pingle

09:38 AM Bug #2127 (Resolved): Full Update Image Size is too large on 2.1

This has been OK for a while, the images are now under 90MB, which is down considerably from where they started. Jim Pingle

09:13 AM Bug #1112 (New): IPsec GUI/backend missing RADIUS support

Setting this back to New only since we still need to code up GUI support for this. The backend part should be OK. Jim Pingle

09:05 AM Bug #1427 (Resolved): Typo? in /tmp/post_upgrade_command prevents UP kernel upgrade

Jim Pingle

09:03 AM Bug #2314 (Resolved): Members to bridge not added

Tested newest snapshots and it works for me. Jim Pingle

08:58 AM Bug #2370 (Resolved): syslog.conf requires IPv6 literal

This has been working fine for me since that last commit. Logs are coming across IPv6 and are targeted at an IPv6 IP ... Jim Pingle

08:58 AM Bug #2402 (Resolved): rc.stop_packages synxtax error when executed

This has been working fine for me since my last fix. No errors, and it runs as expected during shutdown. Jim Pingle

08:53 AM Bug #2360 (Resolved): OpenVPN "tap" mode not working

Jim Pingle

07:35 AM Bug #2360: OpenVPN "tap" mode not working

appears to be working now. Thanks! Johannes Ullrich

05/07/2012

10:53 PM Revision c8deb624: Merge pull request #102 from marcelloc/patch-9

Fix missing description in rowhelper. Scott Ullrich

10:48 PM Revision 31366121: Fix missing description in rowhelper.

Marcello Silva Coutinho

08:58 PM Revision 58d642df: Use a better default update url

Jim Pingle

07:57 PM Revision 8358b341: Whoops, typo. Fixed now.

Jim Pingle

07:57 PM Revision 45eb5e65: Whoops, typo. Fixed now.

Jim Pingle

07:04 PM Bug #1667: L2TP server does not respond properly from a CARP VIP

This seems to be the classic UDP problem where the system will source the reply from the "closest" address rather tha... Jim Pingle

07:01 PM Revision 17113cea: Don't pass a shell escaped version of $realifl to pfSense_bridge_add_member(). Fixes bridging

Jim Pingle

07:00 PM Revision e5e88403: Don't pass a shell escaped version of $realifl to pfSense_bridge_add_member(). Fixes bridging

Jim Pingle

06:36 PM Revision c4ac3144: Fix missing paren

Jim Pingle

06:21 PM Bug #1892 (Resolved): Cannot static add static IPv6 route.

Chris Buechler

06:20 PM Revision fe7d855d: Bump to 2.0.2-RC1 for testing.

Jim Pingle

06:17 PM Feature #1184 (Resolved): Certificate Manager - Ability to add nsCertType=SERVER extension to certificates

Chris Buechler

06:16 PM Feature #1258: dyndns - DNS Made Easy

make a merge request on github and this will make 2.1. Chris Buechler

06:14 PM Feature #1801: Intermediate SSL certs box

easily worked around by pasting in the cert chain for the CA cert. Chris Buechler

06:12 PM Bug #2336 (Resolved): PHP extensions missing in amd64 builds (at least)

Chris Buechler

06:03 PM Bug #1662 (Resolved): DNS server gateway selection missing input validation

Chris Buechler

05:27 PM Revision cd619518: Merge pull request #101 from marcelloc/patch-8

Patch 8 Scott Ullrich

05:27 PM Revision 9a1a0fac: Merge pull request #100 from marcelloc/patch-7

Stop service needs to wait process to be stopped before trying to restar... Scott Ullrich

04:06 PM Revision 9a1248b3: Stop service needs to wait process to be stopped before trying to restart it.

Marcello Silva Coutinho

03:53 PM Revision 6ae78f08: Stop service needs to wait process to be stopped before trying to restart/start it.

Marcello Silva Coutinho

03:52 PM Bug #2314: Members to bridge not added

Ah you're right, I didn't copy/paste or save from the test box to the repo like I usually do. Easy to miss in the fon... Jim Pingle

03:47 PM Bug #2314: Members to bridge not added

I think it works, with one small typo fixed:
pfSense_bridge_add_member($bridgeif, $realifl);
last later should ... Johannes Ullrich

03:29 PM Bug #2314 (Feedback): Members to bridge not added

This should be fixed now by commit:e5e8840356e1f9ac2cd0e12f511599b5df84ace9 Jim Pingle

03:29 PM Bug #2360 (Feedback): OpenVPN "tap" mode not working

This may be fixed now with commit:e5e8840356e1f9ac2cd0e12f511599b5df84ace9 Jim Pingle

05/06/2012

06:07 PM Revision 89341b50: fix vouchers

Chris Buechler

04:02 PM Revision 5db4d1eb: Test if this is an array before using it as an array.

Jim Pingle

12:06 PM Revision 18e89fd6: Merge pull request #99 from znerol/feature/master/dns-host-alias

Support name based aliasing via CNAMEs or some other mechanism. Jim Pingle

08:10 AM Feature #2410 (Feedback): Support name based aliasing via CNAMEs or some other mechanism.

Applied in changeset commit:5a2a83493cdb3f647b4913f3b84ef864103148f5. Anonymous

04:35 AM Feature #2410: Support name based aliasing via CNAMEs or some other mechanism.

https://github.com/bsdperimeter/pfsense/pull/99 znerol znerol

03:17 AM Bug #2412 (Resolved): inbound 6to4 traffic does not work in pf

With the WAN configured as 6to4 it is possible to browse the internet but it is not possible to initiate traffic from... Seth Mos

05/05/2012

07:47 PM Revision 85d1b51b: Fix whitespace: use spaces in services_dnsmasq_edit.php in order to match coding style of surrounding html

Lorenz Schori

05:51 PM Feature #2410: Support name based aliasing via CNAMEs or some other mechanism.

The code seems to work fine for me. I added a host, gave it an alias, and it was populated in /etc/hosts as expected.... Jim Pingle

05:46 PM Feature #2410: Support name based aliasing via CNAMEs or some other mechanism.

Whitespace could use some cleanup, but usually patches will work so long as they are clean. It may have been that the... Jim Pingle

03:45 PM Feature #2410: Support name based aliasing via CNAMEs or some other mechanism.

Whitespace is handled somewhat inconsistently throughout the pfsense codebase. I tried hard to mimic the style of exi... znerol znerol

03:16 PM Feature #2410: Support name based aliasing via CNAMEs or some other mechanism.

Done. https://github.com/znerol/pfsense Branch: feature/master/dns-host-alias znerol znerol

12:40 PM Feature #2410: Support name based aliasing via CNAMEs or some other mechanism.

mater is 2.1 (for now)
Interesting, I just did another gitsync to bring my VM up to the most current code and it s... Jim Pingle

12:22 PM Feature #2410: Support name based aliasing via CNAMEs or some other mechanism.

Actually the patch is against the master branch on github. The last commit i see in my git log is https://github.com/... znerol znerol

11:30 AM Feature #2410: Support name based aliasing via CNAMEs or some other mechanism.

Was that patched against 2.0.1 or 2.1? It doesn't appear to apply to 2.1. Jim Pingle

07:35 AM Feature #2410: Support name based aliasing via CNAMEs or some other mechanism.

Patch attached. It applies on an installed pfsense 2.0.1 as well as onto git master.
In order to patch a running s... znerol znerol

11:07 AM Revision 5a2a8349: Add support for aliases in DNS Forwarder, fixes #2410

Lorenz Schori

05/04/2012

10:37 PM Bug #2411 (Closed): OpenVPN Automatic Rule Generation does not update TCP/UDP

The only place that makes a firewall rule for OpenVPN is in the wizard, and that's a one-time deal. There isn't an au... Jim Pingle

10:06 PM Bug #2411 (Closed): OpenVPN Automatic Rule Generation does not update TCP/UDP

When changing the protocol type of an OpenVPN connection, the automatic firewall rule generation does not update the ... Phil Jaenke

12:18 PM Revision 3eebc3eb: Minimal non-intrusive change for SSHDCond package extra parameters

Andy I.

10:27 AM Bug #2398: tftpd and tftp-proxy (inetd?) dies after WAN periodic reset

Anyone can confirm this issue ? Xavier Romain

08:02 AM Feature #2410: Support name based aliasing via CNAMEs or some other mechanism.

Hosts file would work great I suspect, interface mock looks good too. Thanks! allen landsidel

05:42 AM Feature #2410: Support name based aliasing via CNAMEs or some other mechanism.

Hi. I probably could put together something for pfSense 2.0. Instead of implementing "real" CNAME support I'd like to... znerol znerol

05/03/2012

04:48 PM Revision a52706d5: missed a spot for #2407

Darren Embry

04:34 PM Revision 470d24a3: implement #2407: create config option for captive portal listening port

Darren Embry

02:54 PM Revision 6b2d4b5a: fix for #2356 'track interface'

convert pulldown for ipv6 prefix id to a textbox. validation is
implemented. Darren Embry

02:53 PM Revision 331103ae: Fix syntax error in bogons update

Jim Pingle

12:55 PM Feature #2410 (New): Support name based aliasing via CNAMEs or some other mechanism.

Resubmission of feature request 129 from 1.2.2
I would like to request that this feature reconsidered. Regardless ... allen landsidel

12:42 PM Feature #129: CNAME support for dnsmasq

Cancel that, entering new ticket for this in 2.x. allen landsidel

11:50 AM Feature #129: CNAME support for dnsmasq

I would like to request that this ticket be reopened and the feature reconsidered. Regardless of what DJB may think,... allen landsidel

12:39 PM Bug #2409 (Resolved): ipfw - entryzerostats

I apologize for my english...
pfSense 2.0.1
When logging in CaptivePortal (auth Radius, Accounting Updates - Start/... Vlad Arakin

10:49 AM Feature #2356: Fill the "Track Interface" prefix drop down list asynchronously

aggh, stupid dumb idiot darren forgot to commit changes.
they're there now in commit:6b2d4b5a . Darren Embry

07:01 AM Bug #2408 (Rejected): Wireless run driver crashes kernel

we don't create or control drivers, report the problems upstream to FreeBSD, after testing with a newer base stock Fr... Chris Buechler

06:52 AM Bug #2408 (Rejected): Wireless run driver crashes kernel

The run driver for a common 11n Ralink chipset casues severe system instability and kernel crashes. I have tested tha... Volker Kuhlmann

05/02/2012

12:30 PM Revision 8d70eb8d: When the "OpenVPN" users type was commented out of the drop-down, this function wasn't adjusted so it was off by one in its counts, making the URL table update frequency box disabled.

Jim Pingle

12:29 PM Revision aa11af07: When the "OpenVPN" users type was commented out of the drop-down, this function wasn't adjusted so it was off by one in its counts, making the URL table update frequency box disabled.

Jim Pingle

05/01/2012

08:00 PM Revision e0c45357: Move routing (radvd, routed, ospf, bgp) to its own log since these daemons can be really spammy at times.

Jim Pingle

06:25 PM Revision 3a1e12cf: Add some safety belt checks to status_queues.php to prevent exec blocking or infinite redirection loops. Better error display when things go wrong.

Jim Pingle

05:32 AM Revision eedd093a: correct hostname variable, and use FQDN

Chris Buechler

04:41 AM Revision a1a0cd46: fix saving of hard timeout

Chris Buechler

04:29 AM Revision 402ffa96: fix text

Chris Buechler

01:20 AM Bug #2330 (Resolved): vouchers disappear when saving

fixed Chris Buechler

12:25 AM Bug #2406 (Resolved): No IP alias within the subnet of a CARP IP can be deleted

The input validation that triggers: ... Chris Buechler

04/30/2012

07:32 PM Revision 60dd7649: Move the stop_packages code to a function, and call the function from the shell script, and call the function directly for a reboot. Fixes #2402 and ticket #1564

Jim Pingle

04:29 PM Revision 6478e71e: Fix display of widgets with configuration controls in IE. From Gertjan on the forum. See http://forum.pfsense.org/index.php/topic,42977.0.html

Jim Pingle

03:30 PM Bug #2402 (Feedback): rc.stop_packages synxtax error when executed

Applied in changeset commit:60dd7649d02e4a82f9d57953359bf312038f174a. Jim Pingle

03:07 PM Bug #2402: rc.stop_packages synxtax error when executed

Looks like that syntax:... Jim Pingle

02:09 PM Revision cb8c684e: Better error handling for crypt_data and also better password argument handling

Jim Pingle

02:08 PM Revision 15855fbc: Better error handling for crypt_data and also better password argument handling

Jim Pingle

01:03 PM Bug #2405 (Rejected): Lack of traffic shaping queue parent can take firewall down (pass no traffic)

Simple: create a Traffic Shaper queue but forget to choose a queue parent.
from: http://tech.akom.net/archives/59... Scott Ullrich

04/28/2012

02:54 PM Bug #2402 (Resolved): rc.stop_packages synxtax error when executed

PHP appears to be choking on the new changed syntax in /etc/rc.stop_packages. It's giving a syntax error when execute... Jim Pingle

08:30 AM Revision 3f76f90e: Add note to NAT Reflection helper indicating where it works.

Erik Fonnesbeck

08:12 AM Revision 8c06bd69: Change description of 1:1 NAT Reflection setting to be more accurate.

Erik Fonnesbeck

07:38 AM Revision f9053c0c: Restore protection for the "destination any" case for port forward NAT Reflection, which was forgotten when shuffling around code before committing. Also add a couple other missing checks.

Erik Fonnesbeck

04:06 AM Revision de6348e6: Fix preservation of the selection of interfaces on input errors for floating rules.

Erik Fonnesbeck

03:59 AM Revision 43fd29df: Fix preservation of the selection of interfaces on input errors for floating rules.

Erik Fonnesbeck

04/27/2012

11:02 PM Bug #2373: There were error(s) loading the rules... (Floating rules bug)

I've done some testing and I think the patch to add the "match" action must be missing. Erik Fonnesbeck

02:52 PM Bug #2373: There were error(s) loading the rules... (Floating rules bug)

Found this issue and have following observation:
It is always the first match rule that gives the syntax error, no m... Beat Siegenthaler

02:44 PM Bug #2401 (Resolved): Mounting read-only after mounting read-write can be very slow on NanoBSD

Mounting read-only after mounting read-write can be very slow on recent NanoBSD images on 2.1, based on FreeBSD 8.3
... Jim Pingle

08:30 AM Revision eb2d95f9: Use !empty instead of isset to prevent accidental deletion of the last used repository URL when firmware update gitsync settings have been saved without a repository URL.

Erik Fonnesbeck

08:08 AM Feature #2400 (Closed): GUI options for WPA Enterprise with identity/password

WebCfg WiFi Interfaces allows one to connect to just about anything, but connecting to a AD network with identity/pas... Mattias Ingered

08:04 AM Feature #1825: Dynamic DNS client IPv6 support

Just noticed that https://dns.he.net/ supports IPv6 for DynDNS now. Update format is identical to IPv4, just send the... Jim Pingle

04:07 AM Bug #2399: Typo from IGMP proxy service in system log

I confirm, "ERRO" is in igmpproxy daemon. Xavier Romain

01:47 AM Revision c5d8b1f4: Use !empty instead of isset to prevent accidental deletion of the last used repository URL when firmware update gitsync settings have been saved without a repository URL.

Erik Fonnesbeck

01:37 AM Revision f122c1a3: Add a space between Note: and the message. Also move the period into the gettext string, since punctuation is not language-independent.

Erik Fonnesbeck

04/26/2012

10:36 PM Revision d372a32d: fix text. ticket #2399

Chris Buechler

10:34 PM Revision f2ff5c8b: fix text. Ticket #2399

Chris Buechler

10:04 PM Revision 0637b0a9: fix for Bug #2253 Quality Graphs not generated after 'Reset RRD Data'

Seth Mos wrote:
> This needs to call setup_gateways_monitor() in after
> enable_rrd_graphing() to fix.
Also note: $r... Darren Embry

06:33 PM Bug #2399: Typo from IGMP proxy service in system log

with the exception of "ERRO" which isn't in our code. Chris Buechler

06:30 PM Bug #2399 (Resolved): Typo from IGMP proxy service in system log

fixed, thanks Chris Buechler

03:02 PM Bug #2399 (Resolved): Typo from IGMP proxy service in system log

1) igmpproxy: *+ERRO+*: There must be at least 2 Vif's where one is upstream. (vifcount 16, upStreamVif -1)
2) php: ... Xavier Romain

06:08 PM Bug #2330: vouchers disappear when saving

Has this issue been resolved? You can answer by marking it as such. Thanks. :-) Darren Embry

06:06 PM Bug #2253: Quality Graphs not generated after 'Reset RRD Data'

> Cool, the one-minute graph is refreshing
by which I don't mean scintillating or interesting. :-) Darren Embry

06:05 PM Bug #2253 (Resolved): Quality Graphs not generated after 'Reset RRD Data'

Cool, the one-minute graph is refreshing. Marking as resolved.
Darren Embry

06:00 PM Bug #2253 (Assigned): Quality Graphs not generated after 'Reset RRD Data'

I've implemented the fix in commit:0637b0a9. Let's see if graphs get populated again... Darren Embry

02:42 PM Bug #2398: tftpd and tftp-proxy (inetd?) dies after WAN periodic reset

TFTP package info from config.xml :... Xavier Romain

02:33 PM Bug #2398 (Closed): tftpd and tftp-proxy (inetd?) dies after WAN periodic reset

When the WAN (PPPoE in my case) connection is restarted by custom periodic reset or when connection resetted by ISP, ... Xavier Romain

10:37 AM Feature #2356: Fill the "Track Interface" prefix drop down list asynchronously

P.S. The "array" would literally be every single value from 0 to (2 ^ _n_) - 1 for some value of _n_ (at least that's... Darren Embry

10:34 AM Feature #2356: Fill the "Track Interface" prefix drop down list asynchronously

The code displays and validates for the range already.
!http://i.imgur.com/L0yoJ.png! Darren Embry

03:26 AM Revision 10c1352e: Merge pull request #97 from alowther/master

Additional RIP options Chris Buechler

04/25/2012

09:51 PM Revision b30e3be4: options for auto-summary/supernet

Andrew Lowther

06:55 PM Feature #2386: Bridge member that is not an assigned interface

I'm adding screenshots of a configuration I use that would benefit from this. For firewall rules, the only interface... Ryan J

06:27 PM Revision 655e4d41: The descr field might not exist, use a uppercase friendly name

Seth Mos

03:17 PM Bug #2314: Members to bridge not added

This is probably due to the changes made in
commit:2064fa2eb4e2bca59f7c675969ee13752283d4c1
And in pfSense-tools... Jim Pingle

06:39 AM Revision 0cfaf2c8: Revert "Use 'Packet Loss or High Latency' as the default option when creating a new gateway group"

This reverts commit 6ee04b69c8ace44e798e29e665039455aad1c439. Warren Baker

06:39 AM Revision 8de4a8bc: Revert "Use 'Packet Loss or High Latency' - use a fullstop, fixes #2397"

This reverts commit 1cc71979e44d7955084a0cdb50d7698239fac770. Warren Baker

05:03 AM Revision f81398b0: Merge pull request #96 from irvingpop/master

Simple OpenVPN bridge wording fix Chris Buechler

05:00 AM Revision 850ae59e: Correct wording "Server Bridge DHCP Start" is shown instead of "Server Bridge DHCP End"

Irving Popovetsky

02:59 AM pfSense Packages Bug #2396 (Closed): apache_mod_security_package missing mod_proxy.so (and perhaps others)

Chris Buechler

02:40 AM Todo #2397 (Rejected): Gateway Groups

Currently when defining a new Gateway group, the default trigger level is set to 'Member Down'.
It ideally should be... Warren Baker

02:40 AM Todo #2397: Gateway Groups

Applied in changeset commit:8de4a8bc4d52755dce1fbf2fe80d45687397a429. Warren Baker

01:22 AM Todo #2397: Gateway Groups

Hrmm. I think http://doc.pfsense.org/index.php/Multi-WAN_2.0#Trigger_Level needs to be changed then to indicate this ... Warren Baker

01:03 AM Todo #2397: Gateway Groups

"member down" doesn't mean link down, or it never has historically up to and including recent 2.1, it means it's comp... Chris Buechler

04/24/2012

07:19 PM Revision 1cc71979: Use 'Packet Loss or High Latency' - use a fullstop, fixes #2397

Warren Baker

07:18 PM Revision 6ee04b69: Use 'Packet Loss or High Latency' as the default option when creating a new gateway group

Warren Baker

03:20 PM Todo #2397 (Feedback): Gateway Groups

Applied in changeset commit:1cc71979e44d7955084a0cdb50d7698239fac770. Warren Baker

03:12 PM Todo #2397: Gateway Groups

Make sure to touch gwlb.inc return_gateways_array(); it defaults to memberdown for any dynamic gateway. That needs to... Seth Mos

02:51 PM Todo #2397 (Rejected): Gateway Groups

Currently when defining a new Gateway group, the default trigger level is set to 'Member Down'.
It ideally should be... Warren Baker

02:37 PM pfSense Packages Bug #2396: apache_mod_security_package missing mod_proxy.so (and perhaps others)

Sorry for the duplicate, I hadn't seen issue #2318. Robin McLeod

02:35 PM pfSense Packages Bug #2396 (Closed): apache_mod_security_package missing mod_proxy.so (and perhaps others)

Related to issue #1244
This was supposed to have been fixed but I'm still getting the following error on a fresh i... Robin McLeod

10:03 AM Bug #2395 (Closed): Port forwards with destination "any" on OpenVPN interface creates invalid rules

Seems to be a duplicate of #1882 which should be fixed in RELENG_2_0 and master. Jim Pingle

07:52 AM Bug #2395 (Closed): Port forwards with destination "any" on OpenVPN interface creates invalid rules

These two lines: ... Chris Buechler

06:50 AM Revision f7cd5647: Make sure to stop the dhcpleases6 process

Seth Mos

02:14 AM Revision cb062635: routes should not be skipped when IPsec is on WAN, as WAN may not be the default gateway.

Chris Buechler

02:14 AM Revision 58070e1c: routes should not be skipped when IPsec is on WAN, as WAN may not be the default gateway.

Chris Buechler

04/23/2012

07:40 PM Bug #2394 (Resolved): IPsec keepalive doesn't work with 0.0.0.0/0 local subnet

When you have a keepalive IP defined in a phase 2 that uses 0.0.0.0/0 (everything) as the local network, the logic th... Chris Buechler

06:49 PM Bug #2314: Members to bridge not added

I can also confirm this behaviour on:
2.1-DEVELOPMENT (amd64)
built on Sun Apr 22 05:15:07 EDT 2012
FreeBSD 8.3-... Daniel Llewellyn

11:50 AM Bug #2278: IPv6 Carp vip both master on FreeBSD 8.3

Hy,
It's works for me ! Thank you very much !
Have you a idea of the date of integration in official image ?
Regards Pierre BLONDEAU

09:27 AM Revision 2fc4190f: Merge pull request #95 from phil-davis/master

Remove existing RRD files before restoring from XML Seth Mos

09:09 AM Revision 6a7b35ea: Delete any existing /var/db/rrd/*.rrd files before restoring from the XML

Phil Davis

09:01 AM Revision 905ea336: Minor corrections to function names in error messages

Phil Davis

04:35 AM Revision 7c382a88: go back to scrub rather than "scrub in", the latter breaks MSS clamping for egress traffic the way we use it

Chris Buechler

04:33 AM Revision 912d1887: go back to scrub rather than "scrub in", the latter breaks MSS clamping for egress traffic the way we use it.

Chris Buechler

12:59 AM Bug #2384: "Network interface mismatch" displayed for some valid configurations

Reverted the get_interface_list() part. I had forgotten that the interfaces named in $vfaces don't show for interfac... Erik Fonnesbeck

12:35 AM Bug #2210 (Resolved): "scrub in" usage needs evaluated

reverted back to original behavior without "in" after further evaluation and discussion with Ermal. Chris Buechler

04/22/2012

10:39 PM Revision d887d7f9: Revert change to get_interface_list()'s $vfaces list for now. Interfaces in this list that are supposed to be listed on Interfaces: Assign need special logic on that page, which has not been added yet.

Erik Fonnesbeck

05:08 PM pfSense Packages Bug #1737 (Closed): ospfd - Route deleted after reboot and reload of the ospfd process

closing since openospfd is being ditched in favor of quagga Chris Buechler

04:41 PM Bug #2393 (Closed): PF not "forgetting" older IP addresses after a change on the WAN interface

duplicate Chris Buechler

11:02 AM Bug #2393 (Closed): PF not "forgetting" older IP addresses after a change on the WAN interface

Hi,
when starting pfsense and the cable modem from my provider together at the same time, the cable modem comes up... Oliver Loch

12:11 PM Bug #2392: Adding outgoing, floating rule for DNS on the WAN interface breaks DNS lookups.

DNS damn autocorrect. Oliver Loch

12:10 PM Bug #2392: Adding outgoing, floating rule for DNS on the WAN interface breaks DNS lookups.

When I do what I wrote in the first post, the DNA lookup via dnsmasq stops working -> bug.
Oliver Oliver Loch

11:45 AM Bug #2392: Adding outgoing, floating rule for DNS on the WAN interface breaks DNS lookups.

Well not meaning to be pedantic about it, but the bug/pebkac question should be solved on the forum before opening a ... Jim Pingle

11:34 AM Bug #2392: Adding outgoing, floating rule for DNS on the WAN interface breaks DNS lookups.

Yeah, you're right, but when i try to differ between a bug and pebcak, one should be able to ask the question.
I'm... Oliver Loch

11:11 AM Bug #2392: Adding outgoing, floating rule for DNS on the WAN interface breaks DNS lookups.

That's really a question for the forum, not the ticket system. Such discussion doesn't belong on here. Jim Pingle

11:08 AM Bug #2392: Adding outgoing, floating rule for DNS on the WAN interface breaks DNS lookups.

Hi,
yes it's also breaking if I don't assign the traffic to a queue.
The default queue is used anyway, which is... Oliver Loch

10:57 AM Bug #2392: Adding outgoing, floating rule for DNS on the WAN interface breaks DNS lookups.

Does it break without the QoS parts on the rule?
QoS on floating rules should be using the "match" action, not "pa... Jim Pingle

10:54 AM Bug #2392 (Closed): Adding outgoing, floating rule for DNS on the WAN interface breaks DNS lookups.

Hi,
when adding a floating rule that allows outgoing traffic on the wan interface from the wan address to any tcp/... Oliver Loch

03:21 AM Todo #1940: Integrate rSyslogd

Another vote for rsyslog here too . We too would like to monitor remote deployments. Joe Black

04/21/2012

07:12 PM Bug #2391 (Rejected): Change of Descriptions of Firewall:Rules by XMLRPC Sync

this is by design for complex reasons. it has another ticket already Chris Buechler

06:52 PM Bug #2391 (Rejected): Change of Descriptions of Firewall:Rules by XMLRPC Sync

I created a pfSense cluster with 2 members, using CARP IPs and XMLRPC for configuration sync.
I noticed that XMLRP... Dim Hatz

07:11 PM Bug #2390 (Closed): Change of Descriptions of Firewall:Rules by XMLRPC Sync

Chris Buechler

06:53 PM Bug #2390: Change of Descriptions of Firewall:Rules by XMLRPC Sync

posting error, please remove (replaced by #2391) Dim Hatz

06:51 PM Bug #2390 (Closed): Change of Descriptions of Firewall:Rules by XMLRPC Sync

QoS - Catch TOS 0x30 traffic Squid cache HIT Dim Hatz

03:08 PM Bug #2389: CP asks for a voucher code from MACs in the passthrough list

I just tried changing "set 0" to "set 1" for the MAC entries (rules 2-7) and it didn't fix things. Those MACs are sti... Dim Hatz

04/20/2012

08:08 PM Revision d008a24e: Unbreak the system general DNS settings, it would not work anymore when set to none.

Seth Mos

04:42 PM Revision 58106afc: Enable a second pty

Ermal LUÇI

03:23 PM Revision b4a89a68: Generate the correct corresponding link local from the carp mac.

Seth Mos

08:38 AM Revision 40fa6dde: Allow optionally using the type of NAT reflection implementation used for 1:1 mappings with port forwards as well, in addition to allowing the old type, which is still useful in its own way.

Erik Fonnesbeck

07:18 AM Revision 0c963226: Add message stating which interfaces are missing.

Suggestion from http://forum.pfsense.org/index.php/topic,48366.0.html Erik Fonnesbeck

07:11 AM Revision fd863e5c: Add some missing interface types in is_interface_mismatch() and get_interface_list()'s $vfaces. Fixes #2384

Erik Fonnesbeck

06:20 AM Revision a6aedcd1: Clean up filter_generate_reflection_nat, remove obsolete checks, and add new checks that are now needed. Ticket #2240

Erik Fonnesbeck

06:20 AM Revision 112f5602: Use filter_get_direct_networks_list instead of dumping a copy of the routing table. Ticket #2240

Erik Fonnesbeck

06:20 AM Revision 868cd12c: Modify filter_get_direct_networks_list to optionally return an array instead, which includes subnet, friendly interface, and gateway (if applicable), for ticket #2240

Erik Fonnesbeck

03:40 AM Bug #2384 (Feedback): "Network interface mismatch" displayed for some valid configurations

Applied in changeset commit:fd863e5cebe67258ed48387d6471c4411701cf6b. Erik Fonnesbeck

02:47 AM Feature #2240 (Feedback): Find interface subnets and static routes without the routing table in outbound NAT rule generation for reflection

I can't change the status of "todo" type tickets for some reason, so I'm changing this one to "feature"
With these... Erik Fonnesbeck

01:35 AM Bug #2253: Quality Graphs not generated after 'Reset RRD Data'

This needs to call setup_gateways_monitor() in after enable_rrd_graphing() to fix. Seth Mos

01:33 AM Feature #2356: Fill the "Track Interface" prefix drop down list asynchronously

I'm fine with a text box, make sure the input validation is correct.
The math function the filled the drop down is p... Seth Mos

04/19/2012

10:23 PM Feature #1965: Support Multiple IPsec Peers

The biggest challenge is getting both ends to switch over correctly, as the remote would have to change its IP too. F... Chris Buechler

01:05 PM Feature #1965: Support Multiple IPsec Peers

More importantly would be a feature to at least have a "secondary wan" (Or a Gateway Group?) to use if the primary go... Jim Pingle

10:03 PM Feature #2356: Fill the "Track Interface" prefix drop down list asynchronously

as we discussed, I think it's fine as a text box, having a drop down with tens of thousands of values is nuts. will l... Chris Buechler

09:08 PM Feature #2356 (Feedback): Fill the "Track Interface" prefix drop down list asynchronously

Converting to a text field because I've determined that, no matter how implemented, a dropdown with 65,536 possible v... Darren Embry

06:43 PM Feature #2356 (Assigned): Fill the "Track Interface" prefix drop down list asynchronously

Something other than that simple print loop is causing the page loads to take so long.
65,536 print statements doesn... Darren Embry

06:27 PM Revision 3a83296f: fix for Bug #2334 quality rrd graphs do not automatically refresh

id attributes can't have a period, someone didn't read w3c specs on id attributes ;-) Darren Embry

05:44 PM Revision 4b340c90: Update the default URL here for our new FreeBSD release.

Seth Mos

05:30 PM Bug #2389: CP asks for a voucher code from MACs in the passthrough list

Looking further into this issue, the output of "ipfw -deS show" under pfsense 2.0.1 is exactly the same as above and ... Dim Hatz

05:04 PM Bug #2389 (Resolved): CP asks for a voucher code from MACs in the passthrough list

Installed 2.1-DEVEL 17-Apr-2012 and simply moved my conf*.xml from 2.0.1
For testing I used a CP configuration with ... Dim Hatz

03:12 PM Bug #2383 (Resolved): Firmware AutoUpdate preset url dropdown not showing on IPv6 only connection

Manifest should be OK now. The v6 server was missing a ServerAlias entry for updates.pfsense.com - confirmed they sho... Jim Pingle

02:55 PM Bug #2383: Firmware AutoUpdate preset url dropdown not showing on IPv6 only connection

v4 host contains
pfSense i386 stable updates http://updates.pfsense.org/_updaters
pfSense amd64 stable updates http... Seth Mos

02:42 PM Bug #2278 (Feedback): IPv6 Carp vip both master on FreeBSD 8.3

The latest snapshot I ran off by hand seems to do the trick with the updated CARP patches.
http://iserv.nl/files/p... Seth Mos

08:15 AM Bug #2278: IPv6 Carp vip both master on FreeBSD 8.3

Jim found a very descriptive similar issue on Open that appears to hit the exact same thing.
http://old.nabble.com/c... Seth Mos

02:40 PM Bug #2384: "Network interface mismatch" displayed for some valid configurations

The code recommended in the forum post seems appropriate. I think we only use stf for IPv6 specifically.
Commit that. Seth Mos

01:19 AM Bug #2384 (Resolved): "Network interface mismatch" displayed for some valid configurations

http://forum.pfsense.org/index.php/topic,48366.0.html
Should tap and the various IPv6 interfaces be added to the l... Erik Fonnesbeck

02:23 PM Bug #2334 (Resolved): quality rrd graphs do not automatically refresh

Fixed in commit:3a83296f.
And the refresh time is actually 6 minutes, not 5.
Darren Embry

11:53 AM Revision 76e91d3f: Add SUBMISSION port, fixes #2387

Warren Baker

11:29 AM Bug #830 (Closed): Service provider information should be saved

that other issue is fixed, and this original one, it's way more trouble than it's worth. Chris Buechler

11:28 AM Bug #830: Service provider information should be saved

In latest pfSense snapshot, I'm not seeing this error that Chris reported:
> also I noted if you pick United State... Darren Embry

07:55 AM Feature #2387: Add (SMTP email) submission (port 587) to Firewall Rules GUI

Wow, that was fast! 15 mins! :D Seb A

07:50 AM Feature #2387: Add (SMTP email) submission (port 587) to Firewall Rules GUI

Applied in changeset commit:76e91d3ffee70fc047c64b6c9360df1e8eeffb9a. Warren Baker

07:49 AM Feature #2387 (Feedback): Add (SMTP email) submission (port 587) to Firewall Rules GUI

SUBMISSION port added in commit:76e91d3ffee70fc047c64b6c9360df1e8eeffb9a - it will be available in the next 2.1 snaps... Warren Baker

07:33 AM Feature #2387 (Resolved): Add (SMTP email) submission (port 587) to Firewall Rules GUI

People using e-mail clients to connect to e-mail servers should be using port 587 (not 25). Sometimes this will be th... Seb A

05:51 AM Feature #2386 (Pull Request Review): Bridge member that is not an assigned interface

As suggested on #2385, a solution for bridge members showing up in unwanted places in the web GUI and the rule set wo... Erik Fonnesbeck

05:25 AM Feature #2385 (Closed): Option to hide bridges or bridge members from pf-related pages based on bridge sysctls

This should not be done in this way.
It should be possible to create bridges without assigned interfaces that is the... Ermal Luçi

01:42 AM Feature #2385 (Closed): Option to hide bridges or bridge members from pf-related pages based on bridge sysctls

For configurations with bridges, it might be nice to have an option to hide bridges or bridge members from pf-related... Erik Fonnesbeck